Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

aaptjs_project -- aaptjs
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36380
MISC

aaptjs_project -- aaptjs
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36379
MISC

aaptjs_project -- aaptjs
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36376
MISC

aaptjs_project -- aaptjs
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36377
MISC

aaptjs_project -- aaptjs
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36378
MISC

aaptjs_project -- aaptjs
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
2021-10-31
CVE-2020-36381
MISC

aaptjs_project -- aaptjs
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.
2021-10-31
CVE-2020-26707
MISC

apache -- traffic_server
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
CVE-2021-43082
MISC

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TCOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allows administrators to create or delete any files on the system.
8.5
CVE-2021-34594
CONFIRM

church_management_system_project -- church_management_system
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
2021-10-29
CVE-2021-41643
MISC

cisco -- anyconnect_secure_mobility_client
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.
2021-11-04
7.2
CVE-2021-40124
CISCO

cisco -- catalyst_pon_switch_cgp-ont-1p_firmware
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled; Perform command injection; Modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.
2021-11-04
7.5
CVE-2021-34795
CISCO

cisco -- catalyst_pon_switch_cgp-ont-1p_firmware
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled; Perform command injection; Modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.
2021-11-04
7.5
CVE-2021-40113
CISCO

cisco -- ios_xr
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges.
2021-11-04
9
CVE-2021-40120
CISCO

customer_relationship_management_system_project -- customer_relationship_management_system
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
2021-11-03
10
CVE-2021-43130
MISC

dlink -- dir-823g_firmware
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
2021-11-04
8.5
MISC
MISC

dlink -- dir-823g_firmware
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVE-2020-25367
MISC
MISC
MISC

dotty_project -- dotty
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
2021-11-03
CVE-2021-23624
MISC
MISC

doyocms_project -- doyocms
Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
CVE-2021-26740
MISC

doyocms_project -- doyocms
SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.
2021-11-01
CVE-2021-26739
MISC

duraspace -- dspace
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
2021-10-29
9
CVE-2021-41189
MISC
MISC
CONFIRM
MISC

e-negosyo_system_project -- e-negosyo_system
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.
2021-10-29
CVE-2021-41674
MISC
MISC
MISC

eclipse -- paho_mqtt_c/c++_client
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
CVE-2021-41036
CONFIRM

ed01-cms_project -- ed01-cms
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
2021-11-03
CVE-2020-18262
MISC

ed01-cms_project -- ed01-cms
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
2021-11-03
CVE-2020-18261
MISC

ericsson -- network_location_mps_gmpc21
In Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the export functionality.
2021-11-03
MISC
MISC

eyoucms -- eyoucms
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
2021-11-03

fortinet -- forticlient
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
CVE-2021-36183
CONFIRM

fortinet -- fortiweb
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2021-36186
CONFIRM

hp -- futuresmart_3
Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
2021-11-03
7.5
CVE-2021-39238
MISC

hp -- ilo_amplifier_pack
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading to complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
2021-11-01
10
CVE-2021-29212
MISC
MISC

hp -- laserjet_pro_j8h60a_firmware
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.
2021-11-01
CVE-2021-3704
MISC

hp -- laserjet_pro_j8h61a_firmware
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.
2021-11-01
10
CVE-2021-3705
MISC

hpe -- proliant_microserver_gen10_plus_firmware
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.
2021-11-01
7.2
CVE-2021-29213
MISC

json-ptr_project -- json-ptr
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
2021-11-03
CVE-2021-23509
MISC
MISC
MISC

jsonpointer_project -- jsonpointer
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
2021-11-03
MISC
MISC

jsonpointer_project -- jsonpointer
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
2021-11-03
CVE-2021-23807
MISC
MISC
MISC
MISC

linux -- linux_kernel
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
2021-11-02
CVE-2021-43267
MISC
MISC
FEDORA
FEDORA

Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.
2021-11-03

mahara -- mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
2021-11-03
7.5
MISC

online_food_ordering_system_project -- online_food_ordering_system
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
2021-10-29
7.5
CVE-2021-41644
MISC

online_reviewer_system_project -- online_reviewer_system
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.
2021-10-29
7.5
CVE-2021-41646
MISC

pharmacy_point_of_sale_system_project -- pharmacy_point_of_sale_system
SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.
2021-10-29
7.5
MISC

phone_shop_sales_management_system_project -- phone_shop_sales_management_system
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.
2021-11-02
CVE-2021-36560
MISC
MISC

phpok -- phpok
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
2021-11-02
7.5
CVE-2020-18440
MISC

simple_cashiering_system_project -- simple_cashiering_system
Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering, (2) id parameter in manage_products and the (3) t parameter in actions.php.
2021-11-03
7.5
CVE-2021-41492
MISC

simple_subscription_website_project -- simple_subscription_website
SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the login.
2021-11-03
7.5
CVE-2021-43140
MISC

spacewalk_project -- spacewalk
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
2021-11-01
9.3
CONFIRM

symonics -- libmysofa
libmysofa is vulnerable to Heap-based Buffer Overflow.
2021-10-29
CVE-2021-3756
MISC
CONFIRM

tendacn -- ac10u_firmware
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
2021-10-29
CVE-2020-22079
MISC
MISC

thunderdome -- planning_poker
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
2021-11-02
7.8
MISC
MISC

unicode -- unicode
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
CVE-2021-42574
MISC
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA

unicode -- unicode
An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.
2021-11-01
CVE-2021-42694
MISC
MISC
MLIST
MLIST

vtimecn -- 188jianzhan
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
2021-11-02
CVE-2020-23685
MISC

zohocorp -- manageengine_applications_manager
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
2021-11-03

zohocorp -- manageengine_log360
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
2021-11-01
CVE-2021-20136
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

akka -- http_server
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
CVE-2021-42697
MISC
MISC
MISC

alibaba -- druid
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
2021-11-03
5
CVE-2021-33800
MISC

antennahouse -- office_server_document_converter
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
2021-11-01
5
CVE-2021-20838
MISC
MISC

antennahouse -- office_server_document_converter
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
2021-11-01
4.3
CVE-2021-20839
MISC
MISC

apache -- dolphinscheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
CVE-2021-27644
MISC
MLIST
MLIST

apache -- mina
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
2021-11-01
4.3
MLIST
MLIST

apache -- traffic_server
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
2021-11-03
5
CVE-2021-37148
MISC

apache -- traffic_server
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
2021-11-03
5
CVE-2021-37147
MISC

apache -- traffic_server
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
2021-11-03
5
CVE-2021-37149
MISC

apache -- traffic_server
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
5
CVE-2021-41585
MISC

apache -- traffic_server
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
2021-11-03
6.8
CVE-2021-38161
MISC

artica -- pandora_fms
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
2021-11-03
4.6
MISC
MISC

atlassian -- data_center
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
5
CVE-2021-41312
MISC

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21.0.
2021-11-01
4

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.
2021-11-01
4.3

automatorwp -- automatorwp
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.
2021-11-01
6.5
CVE-2021-24717
MISC

baijiacms_project -- baijiacms
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
2021-10-29
4
CVE-2020-25873
MISC

bootstrap_table_project -- bootstrap_table
This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
2021-11-03
CVE-2021-23472
MISC
MISC
MISC
MISC
MISC
MISC

budget_and_expense_tracker_system_project -- budget_and_expense_tracker_system
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
2021-10-29
CVE-2021-41645
MISC

c-http_project -- c-http
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.
2021-11-02
CVE-2020-21574
MISC

chamilo -- chamilo_lms
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
2021-11-03
CVE-2020-23126
MISC

cisco -- catalyst_pon_switch_cgp-ont-1p_firmware
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled; Perform command injection; Modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.
2021-11-04
CVE-2021-40112
CISCO

cisco -- collaboration_meeting_rooms
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.
2021-11-04
CVE-2021-1500
CISCO

cisco -- collaboration_meeting_rooms
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
2021-11-04
CVE-2021-40115
CISCO

cisco -- common_services_platform_collector
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.
2021-11-04
CVE-2021-34774
CISCO

cisco -- umbrella
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.
2021-11-04
CVE-2021-40126
CISCO

cisco -- unified_communications_manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.
2021-11-04
CVE-2021-34773
CISCO

cisco -- unified_communications_manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
2021-11-04
CVE-2021-34701
CISCO

cisco -- webex_meetings
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.
2021-11-04
CVE-2021-40128
CISCO

connections-pro -- connections_business_directory
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue.
2021-11-01
CVE-2020-36503
MISC
MISC

d-link -- dir-868lw_firmware
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
2021-10-31
CVE-2021-33259
MISC
MISC
MISC
MISC

datalust -- seq.app.emailplus
Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.
2021-11-02
CVE-2021-43270
MISC

delete_all_comments_easily_project -- delete_all_comments_easily
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
2021-11-01
CVE-2020-36505
MISC
MISC

deltaww -- dialink
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
2021-11-03
CVE-2021-38418
MISC

deltaww -- dialink
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
2021-11-03
CVE-2021-38422
MISC

deltaww -- dialink 


The tag interface of Delta Electronics DIALink versions 1.2.4.0 
and prior is vulnerable to an attacker injecting formulas into the 
tag data. Those formulas may then be executed when it is opened 
with a spreadsheet application. 


2021-11-03 


CVE-2021-38424 
MISC 








deltaww -- dialink 


Delta Electronics DIALink versions 1.2.4.0 and prior default 
permissions give extensive permissions to low-privileged user 
accounts, which may allow an attacker to modify the installation 
directory and upload malicious files. 


2021-11-03 


CVE-2021-38420 
MISC 








deltaww -- dialink


Delta Electronics DIALink versions 1.2.4.0 and prior insecurely
loads libraries, which may allow an attacker to use DLL hijacking
and take over the system where the software is installed.


2021-11-03


CVE-2021-38416
MISC
dhis2 -- dhis_2


DHIS 2 is an information system for data capture, management, 
validation, analytics and visualization. A SQL injection security 
vulnerability has been found in specific versions of DHIS2. This 
vulnerability affects the API endpoints for 
/api/trackedEntityInstances and api/events in DHIS2. The system 
is vulnerable to attack only from users that are logged in to DHIS2, 
and there is no known way of exploiting the vulnerability without 
first being logged in as a DHIS2 user. A successful exploit of this 
vulnerability could allow the malicious user to read, edit and delete 
data in the DHIS2 instance. There are no known exploits of the 
security vulnerabilities addressed by these patch releases. 
However, we strongly recommend that all DHIS2 implementations 
using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these 
patches as soon as possible. There is no straightforward known 
workaround for DHIS2 instances using the Tracker functionality 
other than upgrading the affected DHIS2 server to one of the 
patches in which this vulnerability has been fixed. For 
implementations which do NOT use Tracker functionality, it may 
be possible to block all network access to POST to the 
/api/trackedEntityInstance and /api/events endpoints as a 
temporary workaround while waiting to upgrade. 


2021-11-01 


CVE-2021-41187 
CONFIRM 








dhis2 -- dhis_2 


DHIS 2 is an information system for data capture, management, 
validation, analytics and visualization. A SQL Injection vulnerability 
in the Tracker component in DHIS2 Server allows authenticated 
remote attackers to execute arbitrary SQL commands via 
unspecified vectors. This vulnerability affects the 
`/api/trackedEntityInstances` and
`/api/trackedEntityInstances/query` API endpoints in all DHIS2
versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 
2.33 which have reached _end of support_ - exceptional security 
updates have been added to the latest *end of support* builds for 
these versions. Versions 2.31 and older are unaffected. The 
system is vulnerable to attack only from users that are logged in to 
DHIS2, and there is no known way of exploiting the vulnerability 
without first being logged in as a DHIS2 user. The vulnerability is 
not exposed to a non-malicious user - the vulnerability requires a 
conscious attack to be exploited. A successful exploit of this 
vulnerability could allow the malicious user to read, edit and delete 
data in the DHIS2 instance. There are no known exploits of the 
security vulnerabilities addressed by these patch releases. 
Security patches are available in DHIS2 versions 2.32-EOS,
2.33-EOS, 2.34.7, 2.35.7, and 2.36.4. There is no straightforward
known workaround for DHIS2 instances using the Tracker 
functionality other than upgrading the affected DHIS2 server to 
one of the patches in which this vulnerability has been fixed. For 
implementations which do NOT use Tracker functionality, it may 
be possible to block all network access to POST to the 
`/api/trackedEntityInstances`, and
`/api/trackedEntityInstances/query` endpoints as a temporary
workaround while waiting to upgrade. 


2021-10-29 


CVE-2021-39179 
CONFIRM 

MISC 

MISC 








e-negosyo_system_project -- e-negosyo_system


A Remote Code Execution (RCE) vulnerability exists in
Sourcecodester E-Negosyo System 1.0 in
/admin/produts/controller.php via the doInsert function, which
validates images with getImageSizei.


2021-10-29 


CVE-2021-41675 
MISC 








ec_cloud_e-commerce_system_project -- ec_cloud_e-commerce_system


EC Cloud E-Commerce System v1.3 was discovered to contain a 
Cross-Site Request Forgery (CSRF) which allows attackers to 
arbitrarily add admin accounts via /admin.html?do=user&act=add. 


2021-11-04 


CVE-2020-21139 
MISC 








ed01-cms_project -- ed01-cms 


ED01-CMS v1.0 was discovered to contain a reflective cross-site 
scripting (XSS) vulnerability in the component sposts.php. This 
vulnerability allows attackers to execute arbitrary web scripts or 
HTML via a crafted payload inserted into the Post title or Post 
content fields. 


2021-11-03 


CVE-2020-18259 
MISC 








elkarbackup -- elkarbackup 


Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, 
allows attackers to execute arbitrary code via the name parameter 
to the add client feature. 


2021-11-02 


CVE-2020-35249 
MISC 








ericsson -- network_location_mps_gmpc21


In Ericsson Network Location MPS GMPC21, it is possible to
create a new admin user with a SQL Query for file_name in the
export functionality.


2021-11-03 


CVE-2021-43338 
MISC 
MISC 








fimer -- aurora_vision 


An issue was discovered in Fimer Aurora Vision before 2.97.10. 
An attacker can (in the WebUI) obtain plant information without 
authentication by reading the response of APIs from a kiosk view 
of a plant. 


2021-11-03 


CVE-2021-33210 
MISC 
MISC 








fimer -- aurora_vision


An issue was discovered in Fimer Aurora Vision before 2.97.10.
The response to a failed login attempt discloses whether the
username or password is wrong, helping an attacker to enumerate
usernames. This can make a brute-force attack easier.


2021-11-03


CVE-2021-33209
MISC
MISC
flat_preloader_project -- flat_preloader
The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, and does not sanitise and escape them, which could allow attackers to make a logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)
2021-11-01
5
CVE-2021-24685
MISC

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2. There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot be guaranteed to be generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).
2021-10-29
5
CVE-2021-41186
MISC
MISC
CONFIRM

fortinet -- fortiadc
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.
2021-11-02
4
CVE-2020-15935
CONFIRM

fortinet -- fortimanager
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
2021-11-02
4

fortinet -- fortios
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
2021-11-02
4.3
CVE-2021-41019
CONFIRM

fortinet -- fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
4
CVE-2021-32595
CONFIRM

fortinet -- fortiportal
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
CVE-2021-36172
CONFIRM

fortinet -- fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
4.3
CVE-2021-36176
CONFIRM

fortinet -- fortiportal
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
2021-11-02
5
CVE-2021-36174
CONFIRM

fortinet -- fortisiem
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts
2021-11-02
4.6
CVE-2021-41022
CONFIRM

fortinet -- fortiweb
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests
5
CVE-2021-36187
CONFIRM

fortinet -- fortiwlm
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.
2021-11-02
4
CVE-2021-36184
CONFIRM

fortinet -- fortiwlm
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
2021-11-02
CVE-2021-36185
CONFIRM

frogcms_project -- frogcms
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
2021-10-29
4
CVE-2020-25872

getsymphony -- symphony
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service
2021-10-31
6.4
MISC
gilcc_project -- gilcc
Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.
2021-11-02
5

google -- angle
Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.
2021-11-02
4.3
CVE-2020-16048
MISC

google -- chrome
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
2021-11-02
4.3
MISC
FEDORA

google -- chrome
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
2021-11-02
4.3
CVE-2021-37989
MISC
MISC

google -- chrome
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2021-11-02
4.3
CVE-2021-37994
MISC
MISC

google -- chrome
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
2021-11-02
4.3
MISC

google -- chrome
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
2021-11-02
4.3
CVE-2021-37996
MISC
MISC

google -- chrome
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
2021-11-02
4.3
CVE-2018-6125
MISC

google -- chrome
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
2021-11-02
4.3
CVE-2021-37990
MISC
MISC

google -- chrome
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2018-6122
MISC

google -- chrome
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37982
MISC
MISC

google -- chrome
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
MISC
FEDORA

google -- chrome
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37983
MISC
MISC

google -- chrome
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37984
MISC
MISC

google -- chrome
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
5.1
CVE-2021-37991
MISC
MISC

google -- chrome
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37985
MISC
MISC

google -- chrome
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
2021-11-02
6.8
MISC

google -- chrome
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37986
MISC
MISC

google -- chrome
Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
MISC
FEDORA

google -- chrome
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37987
MISC
MISC

google -- chrome
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a
2021-11-02
6.8
CVE-2021-37988
MISC
MISC
trusts. IBM X-Force ID: 207123.
google -- chrome
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37992
MISC
MISC

google -- chrome
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37993
MISC
MISC

google -- chrome
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
2021-11-02
6.8
CVE-2020-6492
MISC
MISC

google -- chrome
Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
2021-11-02
6.8
CVE-2021-37979
MISC
MISC
FEDORA

grafana -- grafana
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to the literal string {{ in the path.
2021-11-03
CONFIRM

hangfire -- hangfire
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, `LocalRequestsOnlyAuthorizationFilter` filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected by default settings. However due to the recent changes, in version 1.7.25 no authorization filters are used by default, allowing remote requests to succeed. If you are using `UseHangfireDashboard` method with default `DashboardOptions.Authorization` property value, then your installation is impacted. If any other authorization filter is specified in the `DashboardOptions.Authorization` property, then you are not impacted. Patched versions (1.7.26) are available both on Nuget.org and as a tagged release on the github repo. Default authorization rules now prohibit remote requests by default again by including the `LocalRequestsOnlyAuthorizationFilter` filter to the default settings. Please upgrade to the newest version in order to mitigate the issue. For users who are unable to upgrade it is possible to mitigate the issue by using the `LocalRequestsOnlyAuthorizationFilter` explicitly when configuring the Dashboard UI.
2021-11-02
5
CONFIRM

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
2021-11-01
5.5

hp -- hp_smart
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
2021-11-01
4.6
CVE-2021-3440
MISC

hp -- print_and_scan_doctor
may potentially be vulnerable to local
2021-11-03
4.6

htmldoc_project -- htmldoc
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
2021-11-03
4.3
CVE-2021-40985
MISC
MISC

ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious
2021-11-02
6.8
could interpret as a command, leading to execution of a malicious
string locally on a device, aka CSV injection. 
ibm -- infosphere_information_server
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302.
2021-11-02
5.5
CVE-2021-29738
XF
CONFIRM

ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.
2021-11-02
5
CVE-2021-29875
XF
CONFIRM

ibm -- infosphere_information_server
IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.
2021-11-02
5
CVE-2021-29737
XF
CONFIRM

ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.
2021-11-02
6.4
CVE-2021-38948
CONFIRM
XF

image-processing_project -- image-processing
An issue was discovered in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file.
2021-11-02
4.3
CVE-2020-21573
MISC

imagesourcecontrol -- image_source_control
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)
2021-11-01
4
CVE-2021-24781
MISC
CONFIRM

jenkins -- jenkins
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
2021-11-04
5
CVE-2021-21688
CONFIRM

kodi -- kodi
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
2021-11-01
4.3
CVE-2021-42917
MISC
MISC
MISC
MISC

kubernetes -- ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
2021-10-29
5.5
CVE-2021-25742
MLIST
CONFIRM

learndash -- learndash
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server
2021-11-01
5
CVE-2018-25019
MISC
MISC

libiec_iccp_mod_project -- libiec_iccp_mod
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect.
2021-11-02
5

libiec_iccp_mod_project -- libiec_iccp_mod
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service when trying to calloc an unexpectedly large space.
2021-11-02
5

librenms -- librenms
LibreNMS through 21.10.2 allows XSS via a widget title.
2021-11-03

libxls_project -- libxls
An issue was discovered in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
2021-11-03
4.3

linux -- linux_kernel
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
2021-11-03
4.7
MISC
MISC
MISC

linux -- linux_kernel
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
2021-11-02
4.6
MISC

llhttp -- llhttp
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
2021-11-03
5.8
CVE-2021-22960
MISC

mahara -- mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name.
2021-11-02
4.6
CVE-2021-43266
MISC
MISC

mahara -- mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program
2021-11-03
6.8
CVE-2021-40848
MISC
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
2021-11-01
6.5

modx -- modx_revolution
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
2021-10-31
6.4
CVE-2020-25911
MISC
MISC

mozilla -- firefox
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
2021-11-03
4.3
CVE-2021-38497
MISC
MISC
MISC
MISC

mozilla -- firefox
Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.
2021-11-03
5.8
MISC

mozilla -- firefox
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.
2021-11-03
5.8
MISC

mozilla -- firefox
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
2021-11-03
4.3
CVE-2021-38491
MISC
MISC

mozilla -- firefox
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
2021-11-03
6.8
CVE-2021-38496
MISC
MISC
MISC
MISC
MISC
MISC

mozilla -- firefox
Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.
2021-11-03
6.8
CVE-2021-38499
MISC
MISC

mozilla -- firefox
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
2021-11-03
6.8
CVE-2021-38500
MISC
MISC
MISC
MISC
MISC
MISC

mozilla -- firefox
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
2021-11-03
4.3
CVE-2021-38492
MISC
MISC
MISC
MISC
MISC
MISC

mozilla -- firefox
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
2021-11-03
6.8
MISC
MISC
MISC

mozilla -- firefox
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
2021-11-03
MISC

mozilla -- firefox
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
2021-11-03
6.8
CVE-2021-38494
MISC
MISC

mozilla -- firefox
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
2021-11-03
5
MISC
MISC
MISC
Mozilla developers reported memory safety bugs present in
Thunderbird 78.13.0. Some of these bugs showed evidence of
mozilla -- firefox_esr memory corruption and we presume that with enough effort some 2021-11-03 6.8 MISC
of these could have been exploited to run arbitrary code. This MISC
vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
Thunderbird ignored the configuration to require STARTTLS
security for an SMTP connection. A MITM could perform a 
downgrade attack to intercept transmitted messages, or could CVE-2021-38502 
mozilla -- thunderbird take control of the authenticated session to execute SMTP 2021-11-03 4.3 MISC 
commands chosen by the MITM. If an unprotected authentication MISC 
method was configured, the MITM could obtain the authentication 
credentials, too. This vulnerability affects Thunderbird < 91.2. 
MyBB before 1.8.29 allows Remote Code Injection by an admin 
with the "Can manage settings?" permission. The Admin CP's 
Settings management module does not validate setting types CVE-2021-43281
mybb -- mybb correctly on insertion and update, making it possible to add 2021-11-04 6.5 CONFIRM
settings of supported type "php" with PHP code, executed on 
Change Settings pages. 
Whale browser for iOS before 1.14.0 has an inconsistent user CVE-2021-33593 
navercorp -- whale interface issue that allows an attacker to obfuscate the address 2021-11-02 5 CONFIRM 
bar which may lead to address bar spoofing.
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, CVE-2021-27005 
netapp -- ontap_system_manager 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which 2021-11-01 5 MISC
could allow a remote attacker to cause a crash of the httpd server.
The NextScripts: Social Networks Auto-Poster <= 4.3.20 
WordPress plugin is vulnerable to Reflected Cross-Site Scripting 
nextscripts -- via the $_REQUEST['page'] parameter which is echoed out on 2021-11-01 4.3 CVE-2021-38356
social_networks_auto_poster inc/nxs_class_snap.php by supplying the appropriate value MISC
'nxssnap-post' to load the page in $_GET['page'] along with
malicious JavaScript in $_POST['page']. 
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. CVE-2021-27722 
nsasoft -- spotauditor The program can be crashed by entering 300 bytes char data into 2021-11-02 5 MISC
the "Key" or "Name" field while registering. MISC 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU 
Manager (vGPU plugin), where a string provided by the guest OS 
may not be properly null terminated. The guest OS or attacker has CVE-2021-1120
nvidia -- virtual_gpu no ability to push content to the plugin through this vulnerability, 4.8 CONFIRM
which may lead to information disclosure, data tampering, 
unauthorized code execution, and denial of service. 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU 
Manager (vGPU plugin), where there is the potential to execute CVE-2021-1118 
nvidia -- virtual_gpu privileged operations by the guest OS, which may lead to 2021-10-29 4.6 CONFIRM 
information disclosure, data tampering, escalation of privileges,
and denial of service 
The OptinMonster WordPress plugin is vulnerable to sensitive 
information disclosure and unauthorized setting updates due to 
insufficient authorization validation via the
optinmonster -- optinmonster logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php 2021-11-01 6.4 MISC
file that can be used to inject malicious web scripts on sites MISC
with the plugin installed. This affects versions up to, and including,
2.6.4. 
PHP-CMS v1.0 was discovered to contain a SQL injection 
vulnerability in the component search.php via the search CVE-2020-18263
php-cms_project -- php-cms parameter. This vulnerability allows attackers to access sensitive 2020711-03 5 MISC
database information. 
Cross Site Scripting (XSS) vulnerability in CVE-2020-23754 
infusions/member_poll_panel/poll_admin.php in PHP-Fusion MISC
php-fusion -- phpfusion 9.03.50, allows attackers to execute arbitrary code, via the polls 6.8 MISC
feature. MISC 
Directory traversal vulnerability in ginggan phpok 5.1, allows CVE-2020-18438 
phpok -- phpok attackers to disclose sensitive information, via the title parameter 2021-11-02 5 MISC
to admin.php.
An issue was discovered in function edit_save_f in
phpok -- phpok framework/admin/tpl_control.php in ginggan phpok 5.1, allows 2021-11-02 6.4
attackers to write arbitrary files or get a shell.
An issue was discovered in customercentric-selling-poland CVE-2021-26786
playtuber_project -- playtuber PlayTube, allows authenticated attackers to execute arbitrary code 2021-11-03 6.5 MISC
via the purchase code to the config.php.
An Incorrect Access Control issue exists in all versions of 
portainer -- portainer Portainer via an unauthorized access vulnerability. The 2021-10-29 5
An unauthorized access vulnerability exists in all versions of
portainer -- portainer Portainer, which could let a malicious user obtain sensitive 2021-10-29
information.
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access CVE-2021-25973
publify_project -- publify Control. “guest” role users can self-register even when the admin 2021-11-02 6.5 MISC
does not allow. This happens due to front-end restriction only. MISC
The parseXML function in Easy-XML 0.5.0 was discovered to
have a XML External Entity (XXE) vulnerability which allows for an CVE-2020-26705
pypi -- easyxml attacker to expose sensitive data or perform a denial of service 2021-10-31 6.4 MISC
(DOS) via a crafted external entity entered into the XML content
as input.
The Logo Slider and Showcase WordPress plugin before 1.3.37
radiustheme -- allows Editor users to update the plugin's settings via the 2021-11-01 4 CVE-2021-24742
logo_slider_and_showcase rtWLSSettings AJAX action because it uses a nonce for MISC
authorisation instead of a capability check.
A vulnerability was discovered in the filename parameter in
pathindex.php?r=cms-
ranko -- rkcms backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=2A@d ej 43 Pres
MISC
of the master version of RKCMS. This vulnerability allows for an MISC
attacker to perform a directory traversal via a crafted .txt file.
An open redirect vulnerability exists in Replicated Classic versions
prior to 2.53.1 that could lead to spoofing. To exploit this CVE-2021-43058
replicated -- replicated_classic vulnerability, an attacker could send a link that has a specially 2021-11-01 5.8 MISC
crafted URL and convince the user to click the link, redirecting the
user to an untrusted site.
S-Cart v6.4.1 and below was discovered to contain an arbitrary file
upload vulnerability in the Editor module on the Admin panel. This CVE-2021-38847
s-cart -- s-cart vulnerability allows attackers to execute arbitrary code via a 8.5 MISC
crafted IMG file.
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester
simple_subscription_website_project Simple Subscription Website 1.0 via the id parameter in 2021-11-03
-- simple_subscription_website plan_application MISC
In Siren Investigate before 11.1.4, when enabling the cluster
siren -- investigate feature of the Siren Alert application, TLS verifications are 2021-11-02 6.8 MISC
disabled globally in the Siren Investigate main process. MISC
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server
has left customers vulnerable to clickjacking. Clickjacking is an
attack that occurs when an attacker uses a transparent iframe in a
solarwinds -- kiwi_syslog_server window to trick a user into clicking on an actionable item, such as 2021-10-29 4.3
a button or link, to another server in which they have an identical MISC
webpage. The attacker essentially hijacks the user activity
intended for the original server and sends them to the other
server. This is an attack on both the user and the server.
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a
sonatype -- nexus_repository_manager remote authenticated attacker to potentially perform network 2021-11-04 4
enumeration via Server Side Request Forgery (SSRF).
A local attacker could bypass the app password using a race
sophos -- condition in Sophos Secure Workspace for Android before version 2021-10-30 4.4 CVE-2021-36008
sophos_secure_workspace 9.7.3115 CONFIRM
Buffer overflow vulnerability in function convert_colorspace in 
heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause CVE-2020-23109
struktur -- libheif a denial of service and disclose sensitive information, via a crafted 2021-11-03 5.8 MISC
HEIF file. 
The Stylish Price List WordPress plugin before 6.9.0 does not 
perform capability checks in its spl_upload_ser_img AJAX action CVE-2021-24757
stylishpricelist -- stylish_price_list (available to both unauthenticated and authenticated users), which 3 MISC
could allow unauthenticated users to upload images. 
The Stylish Price List WordPress plugin before 6.9.1 does not 
perform capability checks in its spl_upload_ser_img AJAX action CVE-2021-24770 
stylishpricelist -- stylish_price_list (available to authenticated users), which could allow any 2021-11-01 4 MISC
authenticated users, such as subscriber, to upload arbitrary
images. 
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp
parameter without any authentication. MISC
This affects the package tempura before 0.4.0. If the input to the CVE-2021-23784
esc function is of type object (i.e. an array) it is returned without MISC
tempura_project -- tempura being escaped/sanitized, leading to a potential Cross-Site 2021-11-03 4.3 MISC
Scripting vulnerability. MISC 
Nessus versions 8.15.2 and earlier were found to contain a local 
privilege escalation vulnerability which could allow an 
authenticated, local administrator to run specific executables on CVE-2021-20135 
tenable -- nessus the Nessus Agent host. Tenable has included a fix for this issue in 2021-11-03 4.6 MISC
Nessus 10.0.0. The installation files can be obtained from the
Tenable Downloads Portal
(https://www.tenable.com/downloads/nessus). 
Buffer Overflow vulnerability in Tenda AC9 V1.0 through CVE-2021-31627 
tendacn -- ac9_firmware V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows 2021-10-29 5.8 MISC
attackers to execute arbitrary code via the index parameter. MISC 
Buffer Overflow vulnerability in Tenda AC9 V1.0 through CVE-2021-31624 
tendacn -- ac9_firmware V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows 2021-10-29 5.8 MISC
attackers to execute arbitrary code via the urls parameter. MISC 
An issue was discovered in function StartPage in text2pdf.c in CVE-2020-23680 
text2pdf_project -- text2pdf pdfcorner text2pdf 1.1, allows attackers to cause denial of service 2021-11-03 6.8 MISC
or possibly other undisclosed impacts. MISC 
The Far Future Expiry Header WordPress plugin before 1.5 does 
tipsandtricks-hq -- not have CSRF check when saving its settings, which could allow 2021-11-01 4.3 CVE-2021-24799
far_future_expiry_header attackers to make a logged in admin change them via a CSRF MISC
attack. 
Missing output sanitization in test sources in 
org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 CVE-2021-33611 
vaadin -- vaadin through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote 2021-11-02 4.3 CONFIRM 
attackers to execute malicious JavaScript in browser by opening CONFIRM 
crafted URL 
validator_project -- validator validator is vulnerable to Inefficient Regular Expression 2021-11-02 5
Complexity MISC
Under certain circumstances, when manipulating the Windows 
registry, InstallBuilder uses the reg.exe system command. The full 
path to the command is not enforced, which results in a search in 
the search path until a binary can be identified. This makes the CVE-2021-22037 
vmware -- installbuilder installer/uninstaller vulnerable to Path Interception by Search 2021-10-29 4.4 MISC
Order Hijacking, potentially allowing an attacker to plant a
malicious reg.exe command so it takes precedence over the 
system command. The vulnerability only affects Windows 
installers. 
On Windows, the uninstaller binary copies itself to a fixed 
temporary location, which is then executed (the originally called 
uninstaller exits, so it does not block the installation directory). 
This temporary location is not randomized and does not restrict CVE-2021-22038 
vmware -- installbuilder access to Administrators only so a potential attacker could plant a 2021-10-29 6.5 MISC
binary to replace the copied binary right before it gets called, thus
gaining Administrator privileges (if the original uninstaller was 
executed as Administrator). The vulnerability only affects Windows 
installers. 
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, CVE-2020-20982 
wdja -- wdja_cms allows attackers to execute arbitrary code and gain escalated 2021-11-03 6.8 MISC
privileges, via the backurl parameter to /php/passport/index.php.
The BP Better Messages WordPress plugin before 1.9.9.41
sanitises (with sanitize_text_field) but does not escape the 'subject'
wordplus -- bp_better_messages parameter before outputting it back in an attribute, leading to a 2021-11-01 4.3 MISC
Reflected Cross-Site Scripting issue CONFIRM
The BP Better Messages WordPress plugin before 1.9.9.41 does 
not check for CSRF in multiple of its AJAX actions: 
bp_better_messages_leave_chat, CVE-2021-24809 
bp_better_messages_join_chat, bp_messages_leave_thread,
wordplus -- bp_better_messages
bp_better_messages_add_user_to_thread,
bp_better_messages_exclude_user_from_thread. This could 
allow attackers to make logged in users do unwanted actions 
The WP-Pro-Quiz WordPress plugin through 0.37 does not have 
wp-pro-quiz_project -- wp-pro-quiz CSRF check in place when deleting a quiz, which could allow an 2021-11-01 4.3
attacker to make a logged in admin delete arbitrary quiz on the MISC
blog
The WP-Stats WordPress plugin before 2.52 does not have CSRF 
check when saving its settings, and did not escape some of them CVE-2015-10001 
wp-stats_project -- wp-stats when outputting them, allowing attacker to make logged in high 2021-11-01 4.3 MISC 
privilege users change them and set Cross-Site Scripting MISC 
payloads 
The WP Attachment Export WordPress plugin before 0.2.4 does CVE-2015-20067 
wp_attachment_export_project -- not have proper access controls, allowing unauthenticated users 2021-11-01 5 MISC
wp_attachment_export to download the XML data that holds all the details of MISC
attachments/posts on a WordPress MISC
Entry, which could allow high privilege users to perform Cross-Site
Scripting when the unfiltered_html capability is disallowed. 
The Accept Donations with PayPal WordPress plugin before 1.3.1 
offers a function to create donation buttons, which internally are 
wpplugin -- posts. The process to create a new button is lacking a CSRF CVE-2021-24570
accept_donations_with_paypal check. An attacker could use this to make an authenticated admin 2021-11-01 4.3 MISC
create a new button. Furthermore, one of the Button fields is not CONFIRM
escaped before being output in an attribute when editing a Button, 
leading to a Stored Cross-Site Scripting issue as well. 
The Accept Donations with PayPal WordPress plugin before 1.3.1 
provides a function to create donation buttons which are internally 
wpplugin -- stored as posts. The deletion of a button is not CSRF protected 2021-11-01 4.3 CVE-2021-24572 
accept_donations_with_paypal and there is no control to check if the deleted post was a button MISC
post. As a result, an attacker could make logged in admins delete 
arbitrary posts 
SQL Injection vulnerability exists in all versions of Yonyou 
yonyou -- turbocrm TurboCRM via the orgcode parameter in changepswd.php. 2021-10-29 5
Attackers can use the vulnerabilities to obtain sensitive database MISC
information.
Cross site scripting (XSS) vulnerability in 
application/controllers/AdminController.php in xujinliang zibbs 1.0, CVE-2020-23719
zibbs_project -- zibbs allows attackers to execute arbitrary code via the bbsmeta 6.8 MISC
parameter. 
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, CVE-2020-23718 
zibbs_project -- zibbs allows attackers to execute arbitrary code via the route parameter 2021-11-02 6.8 MISC
to index.php.
Low Vulnerabilities 
Primary CVSS Source & Patch
Vendor -- Product Description Published Score Info
CVE-2021-36698 
artica -- pandora_fms Pandora FMS through 755 allows XSS via a new Event Filter with 2021-11-03 3.5 MISC 
a crafted name. MISC 
MISC 
The Notification WordPress plugin is vulnerable to Stored Cross- 
Site Scripting due to insufficient input validation and sanitization 
via several parameters found in the CVE-2021-39340 
~/src/classes/Utils/Settings.php file which made it possible for MISC
bracketspace -- notification attackers with administrative user access to inject arbitrary web MISC
scripts, in versions up to and including 7.2.4. This affects multi-site MISC 
installations where unfiltered_html is disabled for administrators, 
and sites where unfiltered_html is disabled. 
A vulnerability in the web-based management interface of Cisco 
Prime Infrastructure (PI) and Cisco Evolved Programmable
Network Manager (EPNM) could allow an authenticated, remote 
attacker to conduct a stored cross-site scripting (XSS) attack 
against a user of the web-based management interface of an 
cisco -- affected device. This vulnerability exists because the web-based 2021-11-04 3.5 CVE-2021-34784
evolved_programmable_network_manager management interface does not properly validate user-supplied CISCO
input. An attacker could exploit this vulnerability by persuading a 
user of an affected interface to click a crafted link. A successful 
exploit could allow the attacker to execute arbitrary script code in 
the context of the affected interface or access sensitive, browser- 
based information. 
A vulnerability in the web-based management interface of Cisco 
Prime Access Registrar could allow an authenticated, remote 
attacker to perform a stored cross-site scripting attack on an 
affected system. This vulnerability exists because the web-based 
management interface does not sufficiently validate user-supplied 
input. An attacker could exploit this vulnerability by injecting CVE-2021-34731
cisco -- prime_access_registrar malicious code into specific pages of the interface. A successful 2021-11-04 2.5 CISCO
exploit could allow the attacker to execute arbitrary script code in 
the context of the affected interface or access sensitive, browser- 
based information. To exploit this vulnerability, the attacker would 
need valid administrative credentials. Cisco expects to release 
software updates that address this vulnerability. 
The Connections Business Directory WordPress plugin before 
connections-pro -- 10.4.3 does not escape the Address settings when creating an 2021-11-01 3.5 CVE-2021-24794
and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see
CONFIRM
The Content text slider on post WordPress plugin before 6.9 does CVE-2015-20019
content_text_slider_on_post_project not sanitise and escape the Title and Message/Content settings 2021-11-01 3.5 MISC
-- content_text_slider_on_post CONFIRM
which could lead to Cross-Site Scripting issues MISC
The Coming Soon, Under Construction & Maintenance Mode By 
dazzlersoftware -- Dazzler WordPress plugin before 1.6.7 does not sanitise or
escape its description setting when outputting it in the frontend CVE-2021-24539
when the Coming Soon mode is enabled, even when the 2021-11-01 MISC
unfiltered_html capability is disallowed, leading to an
authenticated Stored Cross-Site Scripting issue 
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable 
to cross-site scripting because an authenticated attacker can CVE-2021-38428 
deltaww -- dialink inject arbitrary JavaScript code into the parameter name of the 2021-11-03 3.5 MISC
API schedule, which may allow an attacker to remotely execute
code. 
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable 
to cross-site scripting because an authenticated attacker can CVE-2021-38411 
deltaww -- dialink inject arbitrary JavaScript code into the parameter deviceName of 2021-11-03 2.8 MISC
the API modbusWriter-Reader, which may allow an attacker to
remotely execute code. 
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable 
to cross-site scripting because an authenticated attacker can CVE-2021-38403 
deltaww -- dialink inject arbitrary JavaScript code into the parameter supplier of the 2021-11-03 3.9 MISC
API maintenance, which may allow an attacker to remotely
execute code. 
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable 
to cross-site scripting because an authenticated attacker can CVE-2021-38488 
deltaww -- dialink inject arbitrary JavaScript code into the parameter comment of the 2021-11-03 3.8 MISC
API events, which may allow an attacker to remotely execute
code. 
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable 
to cross-site scripting because an authenticated attacker can CVE-2021-38407 
deltaww -- dialink inject arbitrary JavaScript code into the parameter name of the 2021-11-03 3.9 MISC
API devices, which may allow an attacker to remotely execute
code. 
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows CVE-2020-27406 
dynpg -- dynpg authenticated attackers to execute arbitrary code via the 2021-11-02 3.5 MISC 
groupname. MISC 
The ees nel eee pte ete Pe not CVE-2021-24813 
e-dynamics -- events_made_easy sanitise and escape Custom Field Names, allowing high privilege 5994.44.01 3.5 CONFIRM
users to perform Cross-Site Scripting attacks even when the MISC
unfiltered_html capability is disallowed
The WPeMatico RSS Feed Fetcher WordPress plugin before 
2.6.12 does not escape the Feed URL added to a campaign 
before outputting it in an attribute, allowing high privilege users to 2021-11-01 2.5
perform Cross-Site Scripting attacks even when the
unfiltered_html capability is disallowed. 
The Flat Preloader WordPress plugin before 1.5.5 does not 
escape some of its settings when outputting them in attribute in
the frontend, which could allow high privilege users to perform 2021-11-01 2.5
Cross-Site Scripting attacks even when the unfiltered_html is
disallowed 
An improper neutralization of input during web page generation
('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and CVE-2020-12814
fortinet -- fortianalyzer below, version 6.4.4 allows attacker to execute unauthorized code 2021-11-02 3.5 CONFIRM
or commands via specifically crafted requests to the web GUI. 
An improper control of generation of code vulnerability [CWE-94] 
in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and CVE-2021-42754
fortinet -- forticlient below may allow an authenticated attacker to hijack the MacOS 3.5 CONFIRM
camera without the user permission via the malicious dylib file. 
An improper neutralization of input vulnerability [CWE-79] in 
FortiClientEMS versions 6.4.1 and below and 6.2.9 and below
may allow a remote authenticated attacker to inject malicious 2021-11-02 2.5
script/tags via the name parameter of various sections of the
server. 
An exposure of sensitive information to an unauthorized actor 
fortinet -- fortimanager [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 2021-11-03 2.4 CVE-2021-36192
scripts from other ADOMS.
data_loss_prevention_endpoint
convincing the logged in administrator to click on a carefully 
crafted link in the case management part of the DLP ePO 
extension. 
A concurrent execution using shared resource with improper 
Synchronization vulnerability ('Race Condition') in the customer
database interface of FortiPortal before 6.0.6 may allow an CVE-2021-36181
fortinet -- fortiportal authenticated, low-privilege user to bring the underlying database 3.5 CONFIRM
data into an inconsistent state via specific coordination of web 
requests. 
An unprotected storage of credentials in Fortinet FortiSIEM
Windows Agent version 4.1.4 and below allows an authenticated CVE-2021-41023
fortinet -- fortisiem user to disclose agent password due to plaintext credential 20217192 2.1 CONFIRM
storage in log files 
A stored Cross-Site Scripting vulnerability in the DataDog
gitlab -- gitlab integration in GitLab CE/EE version 13.7 and above allows an 2021-11-05 2.5 MISC
attacker to execute arbitrary JavaScript code on the victim's behalf MISC 
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and CVE-2021-39237 
hp -- futuresmart_3 HP PageWide Managed printers may be vulnerable to potential 2021-11-03 2.1
information disclosure.
Certain HP Enterprise LaserJet and PageWide MFPs may be CVE-2021-3662 
hp -- futuresmart_4 vulnerable to stored cross site scripting (XSS). 202102 3.5 MISC
A potential security vulnerability has been identified for the HP CVE-2021-3441 
hp -- officejet_7110_firmware OfficeJet 7110 Wide Format ePrinter that enables Cross-Site 2021-10-29 3.5 MISC
Scripting (XSS).
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site 
ibm -- scripting. This vulnerability allows users to embed arbitrary CVE-2021-29771
infosphere_information_server JavaScript code in the Web UI thus altering the intended 2021-11-02 3.5 CONFIRM
functionality potentially leading to credentials disclosure within a
trusted session. 
nbdime provides tools for diffing and merging of Jupyter 
Notebooks. In affected versions a stored cross-site scripting (XSS) 
issue exists within the Jupyter-owned nbdime project. It appears 
that when reading the file name and path from disk, the extension 
does not sanitize the string it constructs before returning it to be 
displayed. The diffNotebookCheckpoint function within nbdime 
jupyter -- nbdime causes this issue. When attempting to display the name of the 2021-11-03 3.5
local notebook (diffNotebookCheckpoint), nbdime appears to CONFIRM
simply append .ipynb to the name of the input file. The
NbdimeWidget is then created, and the base string is passed 
through to the request API function. From there, the frontend 
simply renders the HTML tag and anything along with it. Users are 
advised to patch to the most recent version of the affected 
product. 
Invalid JPEG XL images using libjxl can cause an out of bounds 
access on a std::vector<std::vector<T>> when rendering splines. 
libjxl_project -- libjxl The OOB read access can either lead to a segfault, or rendering 2021-11-01 3.6
splines based on other process memory. It is recommended to CONFIRM
upgrade past 0.6.0 or patch with
https://github.com/libjxl/libjxl/pull/757 
For certain valid JPEG XL images with a size slightly larger than 
an integer number of groups (256x256 pixels) when processing 
the groups out of order the decoder can perform an out of bounds 
copy of image pixels from an image buffer in the heap to another. 
This copy can occur when processing the right or bottom edges of CVE-2021-22564 
libjxl_project -- libjxl the image, but only when groups are processed in certain order. 2021-11-01 2.41 CONFIRM 
Groups can be processed out of order in multi-threaded decoding CONFIRM 
environments with heavy thread load but also with images that 
contain the groups in an arbitrary order in the file. It is 
recommended to upgrade past 0.6.0 or patch with 
https://github.com/libjxl/libjxl/pull/775
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting 
mahara -- mahara the path component for the page help file allows attackers to 2021-11-02 2.1
bypass the intended access control for HTML files via directory MISC
traversal. It replaces the - character with the / character.
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain 5554.44.00 3.5 MISC
tag syntax could be used for XSS, such as via a SCRIPT element. MISC
Cross site scripting (XSS) vulnerability in McAfee Data Loss 
Prevention (DLP) ePO extension prior to 11.7.100 allows a remote 
mcafee -- attacker to hijack an active DLP ePO administrator session by 2021-11-01 3.5 CVE-2021-31848
MISC
document. This payload will execute globally on the client side.
The Restaurant Menu by MotoPress WordPress plugin through 
2.4.0 does not properly sanitize or escape inputs when creating CVE-2021-24722 
motopress -- restaurant_menu new menu items, which could allow high privilege users to perform 2021-11-01 2.8 MISC
Cross-Site Scripting attacks even when the unfiltered_html
capability is disallowed 
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 
9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could CVE-2021-27004 
netapp -- ontap_system_manager allow a local attacker to discover plaintext iSCSI CHAP 2021-11-01 1.7 MISC
credentials. 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU 
Manager kernel driver, where a vGPU can cause resource CVE-2021-1121
nvidia -- virtual_gpu starvation among other vGPUs hosted on the same GPU, which CONFIRM
may lead to denial of service. 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU CVE-2021-1122 
nvidia -- virtual_gpu Manager (vGPU plugin), where it can dereference a NULL pointer, 2021-10-29 2.4 CONFIRM
which may lead to denial of service.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU CVE-2021-1123 
nvidia -- virtual_gpu Manager (vGPU plugin), where it can deadlock, which may lead to 2021-10-29 2.1 CONFIRM
denial of service.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU 
Manager (vGPU plugin), where it can double-free a pointer, which CVE-2021-1119 
nvidia -- virtual_gpu may lead to denial of service. This flaw may result in a write-what- 2021-10-29 3.6 CONFIRM
where condition, allowing an attacker to execute arbitrary code
impacting integrity and availability. 
A Stored Cross Site Scripting (XSS) vulnerability exists in 
online_event_booking_and_reservation_system_project Sourcecodester Online Event Booking and Reservation System in CVE-2021-42662
-- PHP/MySQL via the Holiday reason parameter. An attacker can 2021-11-05 3.5 MISC
online_event_booking_and_reservation_system leverage this vulnerability in order to run javascript commands on MISC
the web server surfers behalf, which can lead to cookie stealing MISC
and more. 
snowsoftware -- snow_inventory_agent | A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. | 2021-11-03 | 3.6 | CVE-2021-41562 MISC
sonaar -- mp3_audio_player_for_music,_radio_&_podcast | The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks | 2021-11-01 | 3.5 | CVE-2021-24624 MISC
supsystic -- easy_google_maps | The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | | 2.1 | CVE-2021-39346 MISC MISC MISC
| The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings within wp-admin. | 2021-11-01 | 3.5 |
wp_sitemap_page_project -- wp_sitemap_page | The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-01 | 3.5 | CVE-2021-24715 MISC
wpdownloadmanager -- wordpress_download_manager | The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed | 2021-11-01 | 3.5 | CVE-2021-24773 MISC
wpkube -- cool_tag_cloud | The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | | 3.5 | CVE-2021-24682 MISC
wpreactions -- wp_reactions_lite | The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. | | | CVE-2021-24723 MISC
xenforo -- xenforo | In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML | 2021-11-03 | 3.5 | MISC
of these files may allow an attacker to corrupt memory.

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
android -- samsung | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | 2021-11-05 | |
android -- samsung | An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. | 2021-11-05 | |
android -- samsung | AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | 2021-11-01 | not yet calculated | CVE-2021-25877 MISC MISC MISC
android -- samsung | A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege. | 2021-11-05 | |
android -- samsung | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | 2021-11-05 | not yet calculated | CVE-2021-25504 MISC
android -- samsung | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 2021-11-01 | not yet calculated | CVE-2021-25876 MISC MISC MISC
android -- samsung | A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | 2021-11-05 | not yet calculated | CVE-2021-26844 MISC MISC
android -- samsung | AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 2021-11-01 | not yet calculated | CVE-2021-25878 MISC MISC MISC
android -- samsung | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | 2021-11-05 | not yet calculated |
android -- samsung | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | 2021-11-05 | not yet calculated | CVE-2021-25503 MISC
android -- samsung | Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. | 2021-11-05 | not yet calculated | CVE-2021-25505 MISC
android -- samsung | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | 2021-11-05 | |
android -- samsung | Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | 2021-11-05 | not yet calculated | CVE-2021-25507 MISC
android -- samsung | A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary file in the Windows known folders. | 2021-11-05 | not yet calculated | MISC
android -- samsung | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. | 2021-11-01 | not yet calculated | MISC MISC MISC
android -- samsung | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 2021-11-01 | not yet calculated | CVE-2021-25875 MISC MISC MISC
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | 2021-11-02 | not yet calculated | MISC
azeotech -- daqfactory | An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user's cloud account. | 2021-11-05 | not yet calculated | CVE-2021-42701 MISC
azeotech -- daqfactory | The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. | 2021-11-05 | |
azeotech -- daqfactory | Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation | 2021-11-05 | not yet calculated | CVE-2021-42698 MISC
azeotech -- daqfactory | The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user's cookie and take over the account. | 2021-11-05 | not yet calculated | CVE-2021-42699 MISC
bluez -- bluez | An issue was discovered in gatt-database.c in Bluez 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | 2021-11-04 | not yet calculated | CVE-2021-43400 MISC
bookstack -- bookstack | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2021-11-05 | not yet calculated | CVE-2021-3916 CONFIRM MISC
cisco -- asyncos | A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. | 2021-11-04 | not yet calculated | CVE-2021-34741 CISCO
cisco -- multiple_products | A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition. | 2021-11-04 | not yet calculated | CVE-2021-40127 CISCO
cisco -- policy_suite | A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | 2021-11-04 | not yet calculated | CVE-2021-40119 CISCO
cisco -- small_business_series_switches | A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges. | 2021-11-04 | not yet calculated | CVE-2021-34739 CISCO
couchbase -- server | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. | 2021-11-02 | not yet calculated | CVE-2021-42763 MISC MISC
couchbase -- server | metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it. | 2021-11-02 | not yet calculated | CVE-2021-37842 MISC MISC
crypto++ -- crypto++ | Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. | 2021-11-04 | not yet calculated | CVE-2021-43398 MISC MISC
d-link -- dir-823g_devices | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | 2021-11-04 | not yet calculated | CVE-2020-25368 MISC MISC MISC
fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | 2021-11-05 | not yet calculated | CVE-2021-43406 MISC
state reset. This may affect data integrity in certain iconv() use cases.

fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | 2021-11-05 | not yet calculated | CVE-2021-43404 MISC
fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | 2021-11-05 | |
gitlab -- ce/ee | In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. | 2021-11-05 | not yet calculated | CONFIRM MISC
gitlab -- ce/ee | In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings. | 2021-11-04 | not yet calculated | CVE-2021-39903 MISC CONFIRM MISC
gitlab -- ce/ee | Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. | 2021-11-05 | | CONFIRM MISC
gitlab -- ce/ee | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | 2021-11-05 | | CONFIRM MISC
gitlab -- ce/ee | An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers | 2021-11-05 | not yet calculated | CVE-2021-39911 MISC CONFIRM
gitlab -- ce/ee | A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user | 2021-11-04 | not yet calculated | CVE-2021-39914 MISC CONFIRM
gitlab -- ce/ee | In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source. | 2021-11-05 | not yet calculated | CVE-2021-39895 MISC CONFIRM MISC
gitlab -- ce/ee | Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred | 2021-11-05 | not yet calculated | CVE-2021-39897 MISC CONFIRM MISC
gitlab -- ce/ee | In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. | 2021-11-05 | not yet calculated | CONFIRM MISC
gitlab -- ce/ee | An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | 2021-11-05 | not yet calculated | CVE-2021-39904 CONFIRM MISC MISC
gitlab -- ce/ee | A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. | 2021-11-05 | not yet calculated | CVE-2021-39912 CONFIRM MISC MISC
gitlab -- ce/ee | Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges | 2021-11-05 | not yet calculated | CVE-2021-39913 CONFIRM MISC
gitlab -- ce/ee | Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. | 2021-11-04 | not yet calculated | CVE-2021-39902 MISC MISC CONFIRM
gitlab -- ce/ee | An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with | 2021-11-05 | not yet calculated | CVE-2021-39905 MISC CONFIRM MISC
gitlab -- ee/ee | Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances | 2021-11-05 | not yet calculated | CVE-2021-39909 MISC MISC CONFIRM
gnu_library -- glibc | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '' character via crafted ISO-2022-JP-3 data that is accompanied by an internal | 2021-11-04 | not yet calculated |
graphiql -- graphiql | GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than graphiql@1.4.7 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a vulnerable schema in graphiql. There are a number of ways that can occur. By default, the schema URL is not attacker-controllable in graphiql or in its suggested implementations or examples, leaving only very complex attack vectors. If a custom implementation of graphiql's fetcher allows the schema URL to be set dynamically, such as a URL query parameter like ?endpoint= in graphql-playground, or a database provided value, then this custom graphiql implementation is vulnerable to phishing attacks, and thus much more readily available, low or no privilege level xss attacks. The URLs could look like any generic looking graphql schema URL. It should be noted that desktop clients such as Altair, Insomnia, Postwoman, do not appear to be impacted by this. This vulnerability does not impact codemirror-graphql, monaco-graphql or other dependents, as it exists in onHasCompletion.ts in graphiql. It does impact all forks of graphiql, and every released version of graphiql. | 2021-11-04 | not yet calculated | CVE-2021-41248 MISC CONFIRM MISC
graphiql -- graphql_playground | GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a malicious schema in graphql-playground. There are several ways this can occur, including by specifying the URL to a malicious schema in the endpoint query parameter. If a user clicks on a link to a GraphQL Playground installation that specifies a malicious server, arbitrary JavaScript can run in the user's browser, which can be used to exfiltrate user credentials or other harmful goals. If you are using graphql-playground-react directly in your client app, upgrade to version 1.7.28 or later. | 2021-11-04 | not yet calculated | CVE-2021-41249 CONFIRM MISC MISC
grav -- grav | grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | | not yet calculated | CVE-2021-3924
hewlett_packard -- pagewide_and_officejet | HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. | 2021-11-03 | not yet calculated | CVE-2020-28416 MISC
ibm -- business_automation_workflow | IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 2021-11-05 | not yet calculated |
insyde -- insydeh2o | An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges. | 2021-11-03 | not yet calculated | CVE-2020-5955 CONFIRM
irfanview -- irfanview | Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1tecd8. | 2021-11-05 | not yet calculated | CVE-2020-23566 MISC
irfanview -- irfanview | Irfanview v4.53 allows attackers to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea" | 2021-11-05 | not yet calculated | CVE-2020-23567 MISC
irfanview -- irfanview | Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850". | 2021-11-05 | not yet calculated | CVE-2020-23565 MISC
jeedom -- jeedom | In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. | 2021-11-01 | not yet calculated | MISC
jenkins -- jenkins | FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | | not yet calculated | CVE-2021-21694 CONFIRM
jenkins -- jenkins | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 2021-11-04 | |
jenkins -- jenkins | FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 2021-11-04 | not yet calculated | CVE-2021-21695 CONFIRM MLIST
jenkins -- jenkins | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | 2021-11-04 | not yet calculated | CVE-2021-21696 CONFIRM MLIST
jenkins -- jenkins | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | 2021-11-04 | not yet calculated |
jenkins -- jenkins | FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | 2021-11-04 | not yet calculated | CVE-2021-21692 CONFIRM
jenkins -- jenkins | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 2021-11-04 | not yet calculated | CONFIRM
jenkins -- jenkins | Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | 2021-11-04 | not yet calculated | CVE-2021-21698 CONFIRM MLIST
jenkins -- jenkins | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | 2021-11-04 | not yet calculated | CVE-2021-21686 CONFIRM
jenkins -- jenkins | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | 2021-11-04 | not yet calculated | CVE-2021-21685 CONFIRM
jenkins -- jenkins | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 2021-11-04 | not yet calculated | CVE-2021-21689 CONFIRM
jenkins -- jenkins | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | 2021-11-04 | not yet calculated | CVE-2021-21697 CONFIRM
jenkins -- jenkins | Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 2021-11-04 | |
jupyterhub -- jupyter_notebooks | JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out. | 2021-11-04 | not yet calculated | CVE-2021-41247 CONFIRM
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | 2021-11-04 | not yet calculated | CVE-2021-43389 MISC MISC MISC MISC CONFIRM MLIST
meross -- smart_wi-fi_2_way_wall_switch | Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request. | 2021-11-05 | not yet calculated | CVE-2021-3774 CONFIRM
miniftpd -- miniftpd | A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. | 2021-11-04 | not yet calculated |
mozilla -- firefox | Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | 2021-11-03 | not yet calculated | CVE-2021-35053 MISC
nec -- clusterpro | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code | 2021-11-03 | not yet calculated | CVE-2021-20703 MISC
of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.

nec -- clusterpro | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. | 2021-11-03 | not yet calculated | CVE-2021-20701 MISC
nec -- clusterpro | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. | 2021-11-03 | not yet calculated | CVE-2021-20702 MISC
nec -- clusterpro | Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network. | 2021-11-03 | not yet calculated | CVE-2021-20705 MISC
nec -- clusterpro | Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. | 2021-11-03 | not yet calculated | CVE-2021-20704 MISC
nec -- clusterpro | Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network. | 2021-11-03 | not yet calculated | CVE-2021-20707 MISC
nec -- clusterpro | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. | 2021-11-03 | not yet calculated | CVE-2021-20700 MISC
nec -- clusterpro | Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network. | 2021-11-03 | not yet calculated | CVE-2021-20706 MISC
| Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases. | 2021-11-04 | |
owasp -- modsecurity_core_rule_set | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 2021-11-05 | not yet calculated | CVE-2021-35368 CONFIRM MISC CONFIRM MISC
phpgurukul -- hospital_management_system | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 2021-11-05 | |
phpgurukul -- shopping | Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php. | 2021-11-05 | not yet calculated | CVE-2021-39412 MISC
Pomerium is an open source identity-aware access proxy. In 
affected versions changes to the OIDC claims of a user after initial 
login are not reflected in policy evaluation when using 
omenim pomerium `allowed_idp_claims` as part of policy. If using not vet CVE-2021-41230 
P p `allowed_idp_claims` and a user's claims are changed, Pomerium || 2021-11-05 cdleulaled CONFIRM 
can make incorrect authorization decisions. This issue has been MISC 
resolved in v0.15.6. For users unable to upgrade clear data on 
`databroker` service by clearing redis or restarting the in-memory 
databroker to force claims to be updated. 
pybbcms -- topicmapper A SQL injection vulnerability in TopicMapper.xml of PybbsCMS 2021-11-01 not yet |CVE-2020-28702 
v5.2.1 allows attackers to access sensitive database information. calculated ||MISC 
Python discord bot is the community bot for the Python Discord 
community. In affected versions when a non-blacklisted URL and 
thon -- discord an otherwise triggering filter token is included in the same notyet CVE-2021-41250 
Py message the token filter does not trigger. This means that by 2021-11-05 aed MISC 
including any non-blacklisted URL moderation filters can be CONFIRM 
bypassed. This issue has been resolved in commit 
6739029885251 3d13e0213870e50fb3cff1424e0 
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio through 1.14.0.0 allows local low-privileged 
realtek 2 suis users to achieve unauthorized access to USB device privileged IN 2021-11-02 not yet a 
p and OUT instructions (leading to Escalation of Privileges, Denial calculated MISC 
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realtek -- rtsupx 


RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio through 1.14.0.0 allows local low-privileged 
users to achieve a pool overflow (leading to Escalation of 
Privileges, Denial of Service, and Code Execution) via a crafted 
Device IO Control packet to a device. 


2021-11-02 


not yet 
calculated 


CVE-2021-36924 
MISC 
MISC 








realtek -- rtsupx

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for
Camera/Hub/Audio through 1.14.0.0 allows local low-privileged
users to achieve unauthorized access to USB devices (Escalation
of Privileges, Denial of Service, Code Execution, and Information
Disclosure) via a crafted Device IO Control packet to a device.

2021-11-02

not yet calculated

CVE-2021-36922
MISC
MISC

realtek -- rtsupx

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for
Camera/Hub/Audio through 1.14.0.0 allows local low-privileged
users to achieve an arbitrary read or write operation from/to
physical memory (leading to Escalation of Privileges, Denial of
Service, Code Execution, and Information Disclosure) via a
crafted Device IO Control packet to a device.

2021-11-02

not yet calculated

CVE-2021-36925
MISC
MISC

sap -- business_technology_Platform

@sap-cloud-sdk/core contains the core functionality of the SAP
Cloud SDK as well as the SAP Business Technology Platform
abstractions. This affects applications on SAP Business
Technology Platform that use the SAP Cloud SDK and enabled
caching of destinations. In affected versions and in some cases,
when user information was missing, destinations were cached
without user information, allowing other users to retrieve the same
destination with its permissions. By default, destination caching is
disabled. The security for caching has been increased. The
changes are released in version 1.52.0. Users unable to upgrade
are advised to disable destination caching (it is disabled by
default).

2021-11-05

not yet calculated

CVE-2021-41251
MISC
CONFIRM
MISC

seo -- panel

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO
Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b)
analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php,
(f) rank.php, (g) review.php, (h) saturationchecker.php, (i)
social_media.php, and (j) reports.php; the (2) from_time
parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d)
overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h)
saturationchecker.php, (i) social_media.php, (j)
webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a)
analytics.php, (b) review.php, (c) social_media.php, and (d)
webmaster-tools.php; and the (4) pageno parameter in (a)
alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e)
searchengine.php, and (f) siteauditor.php.

2021-11-05

not yet calculated

CVE-2021-39413
MISC

seo -- remote_clinic

Multiple Cross Site Scripting (XSS) vulnerabilities exist in
Remote Clinic v2.0 in (1) patients/register-patient.php via the (a)
Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f)
address, (g) gender, (h) age, and (i) serial parameters; in (2)
patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight,
Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h)
gender parameters; in (3) staff/edit-my-profile.php via the (a) Title,
(b) First Name, (c) Last Name, (d) Skype, and (e) Address
parameters; and in (4) clinics/settings.php via the (a) portal_name,
(b) guardian_short_name, (c) guardian_name, (d) opening_time,
(e) closing_time, (f) access_level_5, (g) access_level_4, (h)
access_level_3, (i) access_level_2, (j) access_level_1, (k)
currency, (l) mobile_number, (m) address, (n) patient_contact, (o)
patient_address, and (p) patient_email parameters.

2021-11-05

not yet calculated

CVE-2021-39416
MISC
MISC
MISC

sitecore -- xp

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is
vulnerable to an insecure deserialization attack where it is
possible to achieve remote command execution on the machine.
No authentication or special configuration is required to exploit this
vulnerability.

2021-11-05

not yet calculated

CVE-2021-42237
MISC
MISC
MISC

sonatype -- nexus_repository_manager

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows
attackers to access the SSL Certificates Loading function via a
low-privileged account.

2021-11-02

not yet calculated

CVE-2021-42568
MISC
MISC

sourcecodester -- engineers_online_portal

A file upload vulnerability exists in Sourcecodester Engineers
Online Portal in PHP via dashboard_teacher.php, which allows
changing the avatar through teacher_avatar.php. Once an avatar
gets uploaded it is getting uploaded to the /admin/uploads/
directory, and is accessible by all users. By uploading a php
webshell containing "<?php system($_GET["cmd"]); ?>" the
attacker can execute commands on the web server with -
/admin/uploads/php-webshell?cmd=id.

2021-11-05

not yet calculated

CVE-2021-42669
MISC
MISC

on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

sourcecodester -- engineers_online_portal

A Stored Cross Site Scripting (XSS) Vulnerability exists in
Sourcecodester Engineers Online Portal in PHP via the (1) Quiz
title and (2) quiz description parameters to add_quiz.php. An
attacker can leverage this vulnerability in order to run javascript
commands on the web server surfers behalf, which can lead to
cookie stealing and more.

2021-11-05

not yet calculated

CVE-2021-42664
MISC
MISC
MISC

sourcecodester -- engineers_online_portal

An SQL Injection vulnerability exists in Sourcecodester Engineers
Online Portal in PHP via the login form inside of index.php, which
can allow an attacker to bypass authentication.

2021-11-05

not yet calculated

MISC
MISC

sourcecodester -- engineers_online_portal

A SQL Injection vulnerability exists in Sourcecodester Engineers
Online Portal in PHP via the id parameter to quiz_question.php,
which could let a malicious user extract sensitive data from the
web server and in some cases use this vulnerability in order to get
a remote code execution on the remote web server.

2021-11-05

not yet calculated

MISC
MISC

sourcecodester -- engineers_online_portal

A SQL Injection vulnerability exists in Sourcecodester Engineers
Online Portal in PHP via the id parameter in the
my_classmates.php web page. As a result, an attacker can
extract sensitive data from the web server and in some cases can
use this vulnerability in order to get a remote code execution on
the remote web server.

2021-11-05

not yet calculated

CVE-2021-42668
MISC
MISC

sourcecodester -- engineers_online_portal

An incorrect access control vulnerability exists in Sourcecodester
Engineers Online Portal in PHP in
nia_munoz_monitoring_system/admin/uploads. An attacker can
leverage this vulnerability in order to bypass access controls and
access all the files uploaded to the web server without the need of
authentication or authorization.

2021-11-05

not yet calculated

CVE-2021-42671
MISC
MISC

sourcecodester -- engineers_online_portal

A SQL injection vulnerability exists in Sourcecodester Engineers
Online Portal in PHP via the id parameter to the
announcements_student.php web page. As a result a malicious
user can extract sensitive data from the web server and in some
cases use this vulnerability in order to get a remote code
execution on the remote web server.

2021-11-05

not yet calculated

MISC

sourcecodester -- online_event_booking_and_reservation_system

A SQL Injection vulnerability exists in Sourcecodester Online
Event Booking and Reservation System in PHP in
event-management/views. An attacker can leverage this vulnerability in
order to manipulate the sql query performed. As a result he can
extract sensitive data from the web server and in some cases he
can use this vulnerability in order to get a remote code execution
on the remote web server.

2021-11-05

not yet calculated

CVE-2021-42667
MISC
MISC

sourcecodester -- online_event_booking_and_reservation_system

An HTML injection vulnerability exists in Sourcecodester Online
Event Booking and Reservation System in PHP/MySQL via the
[illegible] /event-management/index.php. An attacker can
leverage this vulnerability in order to change the visibility of the
website. Once the target user clicks on a given link he will display
the content of the HTML code of the attacker's choice.

2021-11-05

not yet calculated

CVE-2021-42663
MISC
MISC

stivasoft -- fundraising_script

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to
contain a SQL injection vulnerability via the pjActionLoadForm
function.

2021-11-05

not yet calculated

CVE-2020-22225
MISC

stivasoft -- fundraising_script

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to
contain a SQL injection vulnerability via the pjActionSetAmount
function.

2021-11-05

not yet calculated

CVE-2020-22226
MISC

stivasoft -- fundraising_script

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to
contain a cross-site scripting (XSS) vulnerability via the
pjActionPreview function.

2021-11-05

stivasoft -- fundraising_script

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to
contain a cross-site scripting (XSS) vulnerability via the
pjActionLoadCss function.

2021-11-05

stivasoft -- fundraising_script

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to
contain a SQL injection vulnerability via the pjActionLoad function.

2021-11-05

not yet calculated

CVE-2020-22223
MISC

talend -- data_catalog

An issue was discovered in Talend Data Catalog before
7.3-20210930. After setting up SAML/OAuth, authentication is not
correctly enforced on the native login page. Any valid user from
the SAML/OAuth provider can be used as the username with an
arbitrary password, and login will succeed.

2021-11-05

not yet calculated

CVE-2021-42837
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementation of `FusedBatchNorm`
kernels is vulnerable to a heap OOB access. The fix will be
included in TensorFlow 2.7.0. We will also cherrypick this commit

2021-11-05

not yet calculated

CONFIRM

will also cherrypick these commits on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference code for `tf.ragged.cross`
has an undefined behavior due to binding a reference to `nullptr`.
The fix will be included in TensorFlow 2.7.0. We will also
cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2,
and TensorFlow 2.4.4, as these are also affected and still in
supported range.

2021-11-05

not yet calculated

CVE-2021-41214
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions if `tf.tile` is called with a large input argument
then the TensorFlow process will crash due to a `CHECK`-failure
caused by an overflow. The number of elements in the output
tensor is too much for the `int64_t` type and the overflow is
detected via a `CHECK` statement. This aborts the process. The
fix will be included in TensorFlow 2.7.0. We will also cherrypick
this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.

2021-11-05

not yet calculated

CVE-2021-41198
MISC
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions if `tf.image.resize` is called with a large input
argument then the TensorFlow process will crash due to a
`CHECK`-failure caused by an overflow. The number of elements
in the output tensor is too much for the `int64_t` type and the
overflow is detected via a `CHECK` statement. This aborts the
process. The fix will be included in TensorFlow 2.7.0. We will also
cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2,
and TensorFlow 2.4.4, as these are also affected and still in
supported range.

2021-11-05

not yet calculated

CVE-2021-41199
CONFIRM
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions if `tf.summary.create_file_writer` is called with
non-scalar arguments code crashes due to a `CHECK`-fail. The fix
will be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow
2.4.4, as these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41200
MISC
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions while calculating the size of the output within the
`tf.range` kernel, there is a conditional statement of type `int64 =
condition ? int64 : double`. Due to C++ implicit conversion rules,
both branches of the condition will be cast to `double` and the
result would be truncated before the assignment. This results in
overflows. The fix will be included in TensorFlow 2.7.0. We will
also cherrypick this commit on TensorFlow 2.6.1, TensorFlow
2.5.2, and TensorFlow 2.4.4, as these are also affected and still in
supported range.

not yet calculated

CVE-2021-41202
CONFIRM
MISC
MISC
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions an attacker can trigger undefined behavior,
integer overflows, segfaults and `CHECK`-fail crashes if they can
change saved checkpoints from outside of TensorFlow. This is
because the checkpoints loading infrastructure is missing
validation for invalid file formats. The fixes will be included in
TensorFlow 2.7.0. We will also cherrypick these commits on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

MISC
MISC
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions during TensorFlow's Grappler optimizer phase,
constant folding might attempt to deep copy a resource tensor.
This results in a segfault, as these tensors are supposed to not
change. The fix will be included in TensorFlow 2.7.0. We will also
cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2,
and TensorFlow 2.4.4, as these are also affected and still in
supported range.

2021-11-05

not yet calculated

CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions several TensorFlow operations are missing
validation for the shapes of the tensor arguments involved in the
call. Depending on the API, this can result in undefined behavior
and segfault or `CHECK`-fail related crashes but in some
scenarios writes and reads from heap populated arrays are also
possible. We have discovered these issues internally via tooling
while working on improving/testing GPU op determinism. As such,
we don't have reproducers and there will be multiple fixes for
these issues. These fixes will be included in TensorFlow 2.7.0. We

2021-11-05

not yet calculated

MISC
MISC
MISC
CONFIRM
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementation of `ParallelConcat` misses
some input validation and can produce a division by 0. The fix will
be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow
2.4.4, as these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41207
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference code for `tf.ragged.cross`
can trigger a read outside of bounds of heap allocated array. The
fix will be included in TensorFlow 2.7.0. We will also cherrypick
this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.

2021-11-05

not yet calculated

CVE-2021-41212
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementations for convolution operators
trigger a division by 0 if passed empty filter tensor arguments. The
fix will be included in TensorFlow 2.7.0. We will also cherrypick
this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.

2021-11-05

not yet calculated

CVE-2021-41209
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference code for the `Cudnn*`
operations in TensorFlow can be tricked into accessing invalid
memory, via a heap buffer overflow. This occurs because the
ranks of the `input`, `input_h` and `input_c` parameters are not
validated, but code assumes they have certain values. The fix will
be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow
2.4.4, as these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41221
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions TensorFlow's Grappler optimizer has a use of
uninitialized variable. If the `train_nodes` vector (obtained from the
saved model that gets optimized) does not contain a `Dequeue`
node, then `dequeue_node` is left uninitialized. The fix will be
included in TensorFlow 2.7.0. We will also cherrypick this commit
on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41225
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementation of `SparseBinCount` is
vulnerable to a heap OOB access. This is because of missing
validation between the elements of the `values` argument and the
shape of the sparse output. The fix will be included in TensorFlow
2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41226
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the `ImmutableConst` operation in TensorFlow
can be tricked into reading arbitrary memory contents. This is
because the `tstring` TensorFlow string class has a special case
for memory mapped strings but the operation itself does not offer
any support for this datatype. The fix will be included in
TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41227
CONFIRM
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference code for `AllToAll` can be
made to execute a division by 0. This occurs whenever the
`split_count` argument is 0. The fix will be included in TensorFlow
2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41218
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions TensorFlow's `saved_model_cli` tool is
vulnerable to a code injection as it calls `eval` on user supplied
strings. This can be used by attackers to run arbitrary code on the
platform where the CLI tool runs. However, given that the tool is
always run manually, the impact of this is not severe. We have
patched this by adding a `safe` flag which defaults to `True` and
an explicit warning for users. The fix will be included in
TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41228
MISC
CONFIRM

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fb46b6 




Vulnerability Summary for the Week of November 1, 2021 






tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementation of `SplitV` can trigger a
segfault if an attacker supplies negative arguments. This occurs
whenever `size_splits` contains more than one value and at least
one value is negative. The fix will be included in TensorFlow 2.7.0.
We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41222
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference code for
`DeserializeSparse` can trigger a null pointer dereference. This is
because the shape inference function assumes that the
`serialize_sparse` tensor is a tensor with positive rank (and having
`3` as the last dimension). The fix will be included in TensorFlow
2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41215
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the code for boosted trees in TensorFlow is still
missing validation. As a result, attackers can trigger denial of
service (via dereferencing `nullptr`s or via `CHECK`-failures) as
well as abuse undefined behavior (binding references to
`nullptr`s). An attacker can also read and write from heap buffers,
depending on the API that gets used and the arguments that are
passed to the call. Given that the boosted trees implementation in
TensorFlow is unmaintained, it is recommended to no longer use
these APIs. We will deprecate TensorFlow's boosted trees APIs in
subsequent releases. The fix will be included in TensorFlow 2.7.0.
We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41208
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the implementation of `tf.math.segment_*`
operations results in a `CHECK`-fail related abort (and denial of
service) if a segment id in `segment_ids` is large. This is similar to
CVE-2021-29584 (and similar other reported vulnerabilities in
TensorFlow, localized to specific APIs): the implementation (both
on CPU and GPU) computes the output shape using `AddDim`.
However, if the number of elements in the tensor overflows an
`int64_t` value, `AddDim` results in a `CHECK` failure which
provokes a `std::abort`. Instead, code should use
`AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0.
We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41195
CONFIRM
MISC
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the Keras pooling layers can trigger a segfault if
the size of the pool is 0 or if a dimension is negative. This is due to
TensorFlow's implementation of pooling operations where the
values in the sliding window are not checked to be strictly positive.
The fix will be included in TensorFlow 2.7.0. We will also
cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2,
and TensorFlow 2.4.4, as these are also affected and still in
supported range.

2021-11-05

not yet calculated

CVE-2021-41196
MISC
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions TensorFlow allows tensor to have a large
number of dimensions and each dimension can be as large as
desired. However, the total number of elements in a tensor must fit
within an `int64_t`. If an overflow occurs,
`MultiplyWithoutOverflow` would return a negative result. In the
majority of TensorFlow codebase this then results in a
`CHECK`-failure. Newer constructs exist which return a `Status` instead of
crashing the binary. This is similar to CVE-2021-29584. The fix will
be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow
2.4.4, as these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41197
CONFIRM
MISC
MISC
MISC
MISC
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions during execution,
`EinsumHelper::ParseEquation()` is supposed to set the flags in
`input_has_ellipsis` vector and `*output_has_ellipsis` boolean to
indicate whether there is ellipsis in the corresponding inputs and
output. However, the code only changes these flags to `true` and
never assigns `false`. This results in uninitialized variable access if
callers assume that `EinsumHelper::ParseEquation()` always sets
these flags. The fix will be included in TensorFlow 2.7.0. We will
also cherrypick this commit on TensorFlow 2.6.1, TensorFlow
2.5.2, and TensorFlow 2.4.4, as these are also affected and still in
supported range.

2021-11-05

not yet calculated

CVE-2021-41201
MISC
CONFIRM

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the async implementation of
`CollectiveReduceV2` suffers from a memory leak and a use after
free. This occurs due to the asynchronous computation and the
fact that objects that have been `std::move()`d from are still
accessed. The fix will be included in TensorFlow 2.7.0. We will
also cherrypick this commit on TensorFlow 2.6.1, as this version is
the only one that is also affected.

2021-11-05

not yet calculated

CVE-2021-41220
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the code for sparse matrix multiplication is
vulnerable to undefined behavior via binding a reference to
`nullptr`. This occurs whenever the dimensions of `a` or `b` are 0
or less. In the case one of these is 0, an empty output tensor
should be allocated (to conserve the invariant that output tensors
are always allocated when the operation is successful) but nothing
should be written to it (that is, we should return early from the
kernel implementation). Otherwise, attempts to write to this empty
tensor would result in heap OOB access. The fix will be included
in TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41219
CONFIRM
MISC

tensorflow -- tensorflow

TensorFlow is an open source platform for machine learning. In
affected versions the shape inference functions for the
`QuantizeAndDequantizeV*` operations can trigger a read outside
of bounds of heap allocated array. The fix will be included in
TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.

2021-11-05

not yet calculated

CVE-2021-41205
CONFIRM
MISC

tensorflow -- tensorflow 


TensorFlow is an open source platform for machine learning. In 
affected versions the process of building the control flow graph for 
a TensorFlow model is vulnerable to a null pointer exception when 
nodes that should be paired are not. This occurs because the 
code assumes that the first node in the pairing (e.g., an `Enter` 
node) always exists when encountering the second node (e.g., an 
`Exit` node). When this is not the case, `parent` is `nullptr` so 
dereferencing it causes a crash. The fix will be included in 
TensorFlow 2.7.0. We will also cherrypick this commit on 
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as 
these are also affected and still in supported range. 


2021-11-05 


not yet 
calculated 


CVE-2021-41217 
MISC 
CONFIRM 








tensorflow -- tensorflow 


TensorFlow is an open source platform for machine learning. In 
affected versions the implementation of `SparseFillEmptyRows` 
can be made to trigger a heap OOB access. This occurs 
whenever the size of `indices` does not match the size of `values`. 
The fix will be included in TensorFlow 2.7.0. We will also 
cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, 
and TensorFlow 2.4.4, as these are also affected and still in 
supported range. 


2021-11-05 


not yet 
calculated 


CVE-2021-41224 
MISC 
CONFIRM 








tensorflow -- tensorflow 











TensorFlow is an open source platform for machine learning. In 
affected versions the shape inference functions for 
`SparseCountSparseOutput` can trigger a read outside of bounds 
of heap allocated array. The fix will be included in TensorFlow 
2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, 
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also 
affected and still in supported range. 








2021-11-05 





not yet 
calculated 








CVE-2021-41210 
MISC 
CONFIRM 


tensorflow -- tensorflow 


TensorFlow is an open source platform for machine learning. In 
affected versions the shape inference code for `QuantizeV2` can 
trigger a read outside of bounds of heap allocated array. This 
occurs whenever `axis` is a negative value less than `-1`. In this 
case, we are accessing data before the start of a heap buffer. The 
code allows `axis` to be an optional argument (`s` would contain 
an `error::NOT_FOUND` error code). Otherwise, it assumes that 
`axis` is a valid index into the dimensions of the `input` tensor. If 
`axis` is less than `-1` then this results in a heap OOB read. The 
fix will be included in TensorFlow 2.7.0. We will also cherrypick 
this commit on TensorFlow 2.6.1, as this version is the only one 
that is also affected. 


2021-11-05 


not yet 
calculated 


CVE-2021-41211 
CONFIRM 
MISC 








tensorflow -- tensorflow 


TensorFlow is an open source platform for machine learning. In 
affected versions the shape inference function for `Transpose` is 
vulnerable to a heap buffer overflow. This occurs whenever `perm` 
contains negative elements. The shape inference function does 
not validate that the indices in `perm` are all valid. The fix will be 
included in TensorFlow 2.7.0. We will also cherrypick this commit 
on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as 
these are also affected and still in supported range. 


2021-11-05 


not yet 
calculated 


CVE-2021-41216 
CONFIRM 
MISC 








tensorflow -- tensorflow 


TensorFlow is an open source platform for machine learning. In 
affected versions the code behind `tf.function` API can be made to 
deadlock when two `tf.function` decorated Python functions are 
mutually recursive. This occurs due to using a non-reentrant 
`Lock` Python object. Loading any model which contains mutually 
recursive functions is vulnerable. An attacker can cause denial of 
service by causing users to load such models and calling a 
recursive `tf.function`, although this is not a frequent scenario. The 
fix will be included in TensorFlow 2.7.0. We will also cherrypick 
this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and 
TensorFlow 2.4.4, as these are also affected and still in supported 
range. 


2021-11-05 


not yet 
calculated 


CVE-2021-41213 
MISC 
CONFIRM 








vim -- vim 


vim is vulnerable to Stack-based Buffer Overflow 


2021-11-05 


not yet 
calculated 





CVE-2021-3928 
CONFIRM 
MISC 








vim -- vim 


vim is vulnerable to Heap-based Buffer Overflow 


2021-11-05 


not yet 
calculated 





CVE-2021-3927 
CONFIRM 
MISC 








worx -- automation_suite 


Improper Input Validation vulnerability in PC Worx Automation 
Suite of Phoenix Contact up to version 1.88 could allow an 
attacker with a manipulated project file to unpack arbitrary files 
outside of the selected project directory. 


2021-11-04 


not yet 
calculated 


CVE-2021-34597 
CONFIRM 








wp -- dsgvo_tools 


WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 
`admin-dismiss-unsubscribe`, which lacked a capability check and a 
nonce check and was available to unauthenticated users, and did 
not check the post type when deleting unsubscription requests. As 
such, it was possible for an attacker to permanently delete an 
arbitrary post or page on the site by sending an AJAX request with 
the “action” parameter set to “admin-dismiss-unsubscribe” and the 
“id” parameter set to the post to be deleted. Sending such a 
request would move the post to the trash, and repeating the 
request would permanently delete the post in question. 


2021-11-05 

















not yet 
calculated 








CVE-2021-42359 
MISC 